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(54) Arrangement for network access via the telecommunication network by remote-controlled 
filter 



(57) The invention relates to an arrangement to 
check/control access to I P-networks via the telecommu- 
nication network. A personal computer is connected via 
the telecommunication network to an interface pool 
which constitutes interface between the telecommuni- 
cation network and the IP-network. According to the in- 
vention there is a remote-controlled fitter which can be 
controlled to allow access to the IP -network. An access 



check/control server checks the authorization of the us- 
er of the personal computer and controls the remote- 
controlled filter depending on the authorization check. 
The remote-controlled filter initially only allows access 
to the access check/control server. The access check/ 
control server further can attend to debiting of the user 
of the personal computer, and check different blocking 
functions for the access to the IP-network. 




PrknedbyJotfw, 75001 PARIS (FR) 



EP0 762 707 A2 



Description 

TECHNICAL FIELD 

The present invention relates to an arrangement for s 
network access, especially access to TCP/IP-networks, 
for instance Internet. The access is controlled by a filter 
which can be remote-controlled by a special server 
which checks the user's authorization and controls the 
access to the IP-network. The special access check/ 10 
control server allows that the authorization check/con- 
trol is moved from the interface between the telecom- 
munication network and the IP-network, which makes 
possible more efficiency and extended functionality. 

15 

PRIOR ART 

In the systems of today a user's access authoriza- 
tion is checked and debiting for modem pools is attend- 
ed to by a terminal server which is arranged at or in the 20 
modem pool. Each modem pool consequently has a 
server of its own which checks the access. This means 
that the modem pools are unnecessarily burdened with 
technology and costs. 

According to the present invention a separate ac- 2s 
cess check/control server is provided which can be lo- 
cated in just any place in the system. This means a more 
effective utilization and also makes possible extended 
functionality in the server, which will be explained in 
more details be tow. 30 

SUMMARY OF THE INVENTION 

Consequently the present invention provides an ar- 
rangement to check/control access to IP-networks via 35 
the telecommunication networks. The arrangement in- 
cludes a personal computer connected via the telecom- 
munication network to an interface pool which consti- 
tutes the interface between the telecommunication net- 
work and the IP-network. 40 

According to the invention, the arrangement in- 
cludes a remote-controlled filter which can be controlled 
to allow access to the IP-network, and an access check/ 
control server which can check the authorization of the 
user of the personal computer, and control the remote- *s 
controlled filter depending on the authorization check. 

Preferably the normal state of the filter is only to al- 
low access to the access check/control server. The ac- 
cess check/control server also can attend to debiting 
and different blocking functions in accordance with pre- so 
ferred embodiments of the invention. 

The invention is defined in details in enclosed pat- 
ent claims. 

BRIEF DESCRIPTION OF THE DRAWING ss 

The invention will be described in details below with 
references to the drawing, where the only drawing is a 



combined bkxh diagram and flow chart over a preferred 
embodiment of the present invention. 

1 ) The filter only allows access to the access check/ 
control server. 

2) Order to open to full Intemet^access after check. 

3) The filter is open to full Internet-access for the IP- 
number of the calling computer. 

DETAILED DESCRIPTION OF PREFERRED 
EMBODIMENTS 

The present invention consequently relates to an 
arrangement for access check/controf by means of a 
server connected in just any place in a TCP/IP-network, 
for instance Internet. The arrangement makes possible 
that the debiting can be managed by the server. The in- 
vention also makes possible advertisement financing of 
the access, i.e. that one does not get access to the net- 
work before one has studied an advertisement mes- 
sage. 

In the figure is shown how a user's personal com- 
puter via the telecommunication network and a modem 
pool and filter is connected to an IP-network. An access 
check/control server checks the authorization of the us- 
er, and controls a remote-controlled filter to control the 
access. The arrows 1 , 2 and 3 describe the steps to 
open the access to the IP-network. 

A user connects himself/herself via the telecommu- 
nication network towards a modem pool or interface 
pool. With interface pool is here meant any form of 
equipment which allows a user to connect himself/her- 
self from the telecommunication network to the TCP/IP- 
network. (Transmission Control Protocol/Internet Proto- 
col is an international standard). In the simplest case the 
interface pool consists of a number of modems connect- 
ed to a terminal server. The functionality can be gath- 
ered in one and the same equipment. Further, it need 
not be modems; it also can be ATM- or ISDN-adapters 
or - cards. The protocol which is used for the communi- 
cation is typically Point-to- Point Protocol (PPP) or Serial 
Line Internet Protocol (SLIP). The user need either not 
log in to the modem pool, or is the logging in identity and 
password the same for all users. The user is by the mo- 
dem pool allocated (dynamically allocated) an IP- 
number, i.e. an IP-address. 

A filter (a router connected to a computer or a fire- 
wall) is connected between the modem pool and the IP- 
network. This filter allows the calling user initially access 
only to the server where the access check takes place. 
This can for instance be a World Wide Web-server. This 
is the reason for that no special user identification is nec- 
essary in the modem pool. 

After authorization check of the user and possibly 
debiting, a program module is activated in the server. 
This program module now transmits a (suitably encrypt- 
ed) message to the filter about that it shall open for just 
this user's IP-address, so that the user gets access to a 
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number of servers (for instance all servers) on the IP- 
network. The fitter stays in open position until the user 
has disconnected. Then a message is transmitted from 
the modem pool to the filter about that the user's IP- 
number shall be blocked, i.e that access only shall be s 
allowed to the access check/control server again. Alter- 
natively this message can be transmitted next time a us- 
er who has connected himself/herself has been allocat- 
ed the same IP-number. 

Instead of authorization check and debiting being 10 
made in the access check/control server, or as comple- 
ment to this, the IP-network access can be advertise- 
ment financed. This is arranged by the user having to 
study an advertisement message. When this has been 
done, the program module which opens for the IP-net- is 
work access is activated. To ensure that the user has 
studied the advertisement message, a number of ques- 
tions can be made in connection to it. Only after the 
questions have been satisfactorily answered, is opened 
for the network access. 20 

The above described system can be used to block 
certain servers in Internet or other IP-networks. This is 
made by messages being transmitted to all filters about 
which addresses that shall be blocked. The fitters after 
that block for all these addresses even after they have 2s 
openend for full access to one user. 

The above described system also can be used to 
give certain users restricted access to the IP-network. 
By arranging special profiles (lists) over which IP-net- 
work addresses that are albwed respective not allowed, 30 
the filter can be set selectively for a certain user when 
he/she opens for IP-network access in the access 
check/control server. The profiles can be in the access 
check/control server and be transmitted to the filter via 
the opening. Alternatively, profiles can be predefined in 35 
the filter and the onfy thing transmitted from the access 
check/control server is the message about which profile 
that shall be used. 

This functionality can for instance be utilized to pre- 
vent that certain users get access to certain pomogra- 40 
phy-related servers. 

Consequently the arrangement according to the 
present invention implies that the access check/control 
is moved out from the interface pool to just any place in 
the system. This means that the number of access 45 
check/control servers which are required can be re- 
duced, and each access check/control server can by 
that be made more effective and offer extended func- 
tionality. The hardware and the software which is re- 
quired to realize the invention is easily realized by an so 
expert in the field. The invention is only restricted by the 
following patent claims. 



one personal computer connected via the telecom- 
munication network to an interface pool which con- 
stitutes interface between the telecommunication 
network and the iP-network, characterized in at 
least one remote-controlled filter which can be con- 
trolled to allow access to the IP-network, and an ac- 
cess check/control server which can check the au- 
thorization of the user of the personal computer and 
control the remote-controlled filter depending on the 
authorization check. 

2. Arrangement according to patent claim 1 , 
characterized in that the remote-controlled filter 
before the authorization check only allows access 
to the access check/control server. 

3. Arrangement according to patent claim 2, 
characterized in that the normal state of the re- 
mote-controlled filter after finished access for the 
user of the personal computer only is to allow ac- 
cess to the access check/control server. 

4. Arrangement according to any of the previous 
claims, 

characterized in that the access check/control 
server attends to debiting of the user of the personal 
computer. 

5. Arrangement according to any of the previous 
claims, 

characterized in that the interface pool is a modem 
pool. 

6. Arrangement according to any of the previous pat- 
ent claims, 

characterized in that the access check/control 
server as complement or alternative to the authori- 
zation check and the debiting, is arranged to attend 
to transmission of a preferably interactive advertise- 
ment message to the user of the personal computer. 

7. Arrangement according to any of the previous pat- 
ent claims, 

characterized in that the access check/control 
server blocks access to certain IP-network address- 
es. 

8. Arrangement according to any of the previous pat- 
ent claims, 

characterized in that the access check/control 
server, depending on for the user of the personal 
computer individual authorization profiles, blocks 
access to certain IP-network addresses. 



Claims 



Arrangement to check/control access to IP-network 
via telecommunication network, including at least 



55 g. Arrangement according to patent claim 8, 

characterized in that individual authorization pro- 
files are stored in the access check/control server. 
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10. Arrangement according to patent claim 8, 

characterized in that predefined authorization pro- 
files are stored in the remote-controlled filter, at 
which the authorization check can imply that an au- 
thorization profile is tied to the user of the personal 5 
computer. 
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Figure 1 
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